From 3c5a8ddc410e33595511a0a9193a2dfe4cb49a15 Mon Sep 17 00:00:00 2001 From: Lukas Stockner Date: Mon, 9 Jan 2023 15:45:14 +0100 Subject: [PATCH] bdev/rbd: fix double-free when failing to initialize cluster When bdev_rados_cluster_init encounters an error, it shuts down the cluster before returning, but since the pointer is still set, bdev_rbd_free will attempt to shut it down again, which causes a crash. Therefore, set the pointer to NULL after the first shutdown to indicate that the cluster object does not exist anymore. Change-Id: Ie403471e8aba881cb6380e74bd1a4ca8d67cbc68 Signed-off-by: Lukas Stockner Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/16203 Community-CI: Mellanox Build Bot Tested-by: SPDK CI Jenkins Reviewed-by: Tomasz Zawadzki Reviewed-by: Shuhei Matsumoto --- module/bdev/rbd/bdev_rbd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/module/bdev/rbd/bdev_rbd.c b/module/bdev/rbd/bdev_rbd.c index 30a500d42..3263d3707 100644 --- a/module/bdev/rbd/bdev_rbd.c +++ b/module/bdev/rbd/bdev_rbd.c @@ -200,6 +200,7 @@ bdev_rados_cluster_init(const char *user_id, const char *const *config, if (ret < 0) { SPDK_ERRLOG("Failed to set %s = %s\n", entry[0], entry[1]); rados_shutdown(*cluster); + *cluster = NULL; return -1; } entry += 2; @@ -209,6 +210,7 @@ bdev_rados_cluster_init(const char *user_id, const char *const *config, if (ret < 0) { SPDK_ERRLOG("Failed to read conf file\n"); rados_shutdown(*cluster); + *cluster = NULL; return -1; } } @@ -217,6 +219,7 @@ bdev_rados_cluster_init(const char *user_id, const char *const *config, if (ret < 0) { SPDK_ERRLOG("Failed to connect to rbd_pool\n"); rados_shutdown(*cluster); + *cluster = NULL; return -1; }